10 research outputs found
BYOD Security Policy Compliance Framework
Bring Your Own Device (BYOD) is an environment that allows employees to use their own personal devices to access the organisation’s resources to perform their work, but it has raised some security concerns, as with BYOD organisations face bigger challenges in safeguarding their information assets. Compliance with ISP is a key factor in reducing an organisation’s information security risks; as such, understanding employees’ compliance behaviour and other relevant factors that influence compliance with ISP is crucial. Hence, this study aims to explore this phenomenon by investigating the factors influencing employees in complying with BYOD Information Security Policy (ISP) in the Malaysian public sector. A mixed method study on five (5) ministries in the public sector is proposed for the study. The understanding of these factors would assist in systematically developing a BYOD compliance framework for the public sector. This is critical as this trend is here to stay or even expand rapidly as employees carry more than one device to the workplace. The proposed framework will help improve ISP compliance to ensure organisational information assets are well protecte
Socio-technical mitigation effort to combat cyber propaganda: a systematic literature mapping
This systematic mapping literature aims to identify current research and directions for future studies in terms of combating cyber propaganda in the social media, which is used by both human effort and technological approaches (socio-technical) for mitigation. Out of 5176 retrieved articles, only 98 of them were selected for primary studies; classified based on research artifacts, mitigation effort, and the social media platforms involved in the research. The search was conducted using selected databases and applying selection criteria set for this research. Through the analysis, important research trends were identified based on human effort and technological approaches in mitigating and combating the cyber-propaganda issues. The authors also identified various mitigation socio-technical approaches such as identification, detection, image recognition, prediction, truth discovery and comprehension of rumours flow. The study also highlights areas for further improvements, to complement the performances of existing techniques. Besides, the study provides a brief review of cyber propaganda detection using classification techniques. Hence, it has set forth applicable research focus on the areas dealing with the mitigation of risk borne by cyber propaganda in the social media
Information systems security management maturity model for electronic commerce small medium industries and enterprises (smi/e) using technology, organization and environment framework / Azah Anir Binti Norman
Today, the Information Systems Security Management (ISSM) maturity framework has been
recognized and accepted by businesses globally.
This ISSM maturity phenomenon has shifted many business perspectives on the importance of
security management towards business information systems. The development of current ISSM
maturity framework, based on tried-and-true practices by security experts, has also expanded
many issues in the IS research scenario among which are: (i) lack of flexible framework: the
current framework is developed and designed to suit brick and mortar traditional business, but
not for e-commerce that has a volatile structure; (ii) lack of theory supported framework: the
current ISSM framework is developed using tried-and-true practices of experts’ experiences
rather than based on accepted theories.
The main objective of this research is to address these two issues. The research aim is to
construct an ISSM maturity model to suit e-commerce using the Technology, Organization and
Environment (TOE) framework, DeLone and McLean Information System (IS) Success Factors,
Diffusion of Innovation Theory (DOI) and Ein-Dor Organizational Factors. The IS theory, IS
model, IS framework and IS organization factors were selected to help develop a flexible and
theoretically-based ISSM maturity model for the benefit of Small Medium Industries/Enterprises
(SMI/Es) that are involved in e-commerce.
This study employs mixed-method research using the sequential mixed-method procedure to
predict the conceptual relationship: (i) the research quantitative phase adopts a structural equation
modelling (SEM) technique using the Partial Least Square (PLS) method, (ii) semi-structured
interviews with the selected SMI/E business Chief Executive Officers (CEOs) and business owners
that are involved in e-commerce. The results show high
reliability of predicted variables with minimal reading of reliability score of more than 0.85,
displaying average variance extracted (AVE) exceeding 0.5, indicating
adequate convergent validity of all the predicted variables developed in the conceptual
framework. The predicted relationship was proved to be significant with the score of 50.4%
showing the high influences of latent variables discussed in this ISSM maturity research.
The findings show three significant influences in ISSM maturity in e-commerce (i) technology
which are the technology usage, compatibility, complexity, relative advantage and technology
availability, (ii) organization including the human resources, formal and informal linking structures
and the communication process and (iii) the environment, which consisted of user satisfaction,
government regulations, technology support characteristics, industry characteristics
and market structure. Based on both quantitative and qualitative results, four quadrants of ISSM
maturity were presented. These quadrants were then organized to construct the ISSM maturity
model. The research contributes to the body of knowledge in two ways, practically and academically,
whereby (i) the research contributed to the development of theoretically-based ISSM
maturity model for SMI/E involved in the e-Commerce, and (ii) the research justified the theoretical
consideration (based on the selected IS theory, IS framework, IS model and IS factors)
which formed the conceptual research framework of this thesis. This research has successfully
answered all research questions where it deduced the ISSM maturity factors and described the
relationship between identified factors, hence conclusively building the ISSM maturity model
Privacy and data protection in mobile cloud computing: A systematic mapping study.
As a result of a shift in the world of technology, the combination of ubiquitous mobile networks and cloud computing produced the mobile cloud computing (MCC) domain. As a consequence of a major concern of cloud users, privacy and data protection are getting substantial attention in the field. Currently, a considerable number of papers have been published on MCC with a growing interest in privacy and data protection. Along with this advance in MCC, however, no specific investigation highlights the results of the existing studies in privacy and data protection. In addition, no particular exploration highlights trends and open issues in the domain. Accordingly, the objective of this paper is to highlight the results of existing primary studies published in privacy and data protection in MCC to identify current trends and open issues. In this investigation, a systematic mapping study was conducted with a set of six research questions. A total of 1711 studies published from 2009 to 2019 were obtained. Following a filtering process, a collection of 74 primary studies was selected. As a result, the present data privacy threats, attacks, and solutions were identified. Also, the ongoing trends of data privacy exercise were observed. Moreover, the most utilized measures, research type, and contribution type facets were emphasized. Additionally, the current open research issues in privacy and data protection in MCC were highlighted. Furthermore, the results demonstrate the current state-of-the-art of privacy and data protection in MCC, and the conclusion will help to identify research trends and open issues in MCC for researchers and offer useful information in MCC for practitioners
A Review of Security Awareness Approach: Ensuring Communal Learning
Users’ adherence to security policy, reduced internal security threats, appropriate security behaviour and a culture of security-aware users are among the results of an effective security awareness effort in an organisation. Generally, security awareness efforts are meant to change behaviour communally; however, most of them are actually focused on altering individual security behaviours. Thus, we conducted a systematic literature review on past research on security awareness approaches focusing on the delivery methods, program contents and theories used for the proposed security awareness program and whether they help in fostering communal change. Despite the importance of ensuring communal learning in security awareness approach, we found that only one of these studies applied an approach which promotes communal change in all four of their selected underlying theories, delivery methods and program content
MyINS: A CBR e-Commerce Application for Insurance Policies
This paper presents the design and development of an insurance policies recommender for prospective clients. The main aims of MyINS are twofold. The first aim is to simplify the process for clients in making decisions based on the information recommended through this system. The second aim is to allow clients to choose the insurance policy that is most suitable for them. MyINS models the reasoning process employed by insurance sales agents in proposing a policy to the client using a case-based reasoning (CBR) algorithm. CBR generally describes the process of solving current problems based on the proposed solution from similar past problems. MyINS works with a principal assumption that different clients with different backgrounds will have different types of insurance plan suitable to each one of their needs. MyINS makes recommendations of insurance policies based on personal data and desired coverage of the policyholder from the similar past problems. Similarity assessment and demonstration of case library are also presented
A comparative review of ISMS implementation based on ISO 27000 Series in organizations of different business sectors
Organizations have different takes on Information Security Management Systems
(ISMS) since security measurements vary according to their business relevance. One way to
assure ISMS is being well-implemented is by having a standard compliance such as the ISO
27000 series. The ISO 27000 series is a family of standards that provides a framework for best
practice ISMS that helps organizations keep their information assets secure. This paper intends
to seek how organizations in different business sectors implement ISMS in their practices. By
identifying which organization attains a higher number of ISO requirements, it is anticipated
that the characteristics that increase the chances of an organization being certified can be
distinguished. This paper reviews case studies regarding the ISMS implementation based on ISO
27000 series between organizations in different business sectors. The result of this paper presents
the state of ISO compliance of the organizations. The findings also discussed the characteristics
of organizations that are applicable for certification. Through the findings, it is found that the
organization which fulfilled the highest number of ISO requirements has a stronger possibility
of being certified. However, ISO standards should be more dynamic to support diverse business
environments, thus avoiding generalization to get compliance